Support cyclic request chains #119
Description
Is your feature request related to a problem? Please describe.
My API requires querying the same endpoint twice and adding a session variable in the response to the first request in the request body of the second request. WuppieFuzz will probably query the endpoint twice in a single input just by the DuplicateRequestMutator, but this does not establish the link between the response and request bodies.
Describe the solution you'd like
It would be useful to support sequences in the graph generation where the first and last request are to the same endpoint, and have a backreference between them. This could for example by done by allowing cycles (including self-cycles) in the graph generation. Inputs can then be generated to span an entire cycle and include one node (QualifiedOperation) twice. I have to look more into how cycles are handled at the moment but it seems they are generally not allowed by using a Cycle error type.
To do this we probably need to replace the use of toposort in dependency_graph/mod.rs with kosaraju_scc from the toposort package - ideally using the toposort package itself and getting rid of the CRUD-customization in dependency_graph/toposort.rs. And perhaps besides the point here, but it might be an idea to relax the CRUD-order requirement during input generation and make this an option (allow POST after GET).
Describe alternatives you've considered
- Creating the corpus by hand.
- Creating extra inputs from the original chains by checking whether it may be sensible to repeat the first node at the end with backreferences to the first node.
Additional context
Loosely related; @ringoTNO reported some trouble with the graph generation #87.